CVE-2026-10804 PUBLISHED

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

• Dem0 (VulDB User) reporter
• VulDB CNA Team coordinator

• VDB-368253 | Streamlit Palette hashing.py weak hash
• VDB-368253 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-10804 | CVE Analysis and Report
• Submit #831508 | streamlit 1.53.0 hash collision
• https://github.com/streamlit/streamlit/issues/14622
• https://github.com/streamlit/streamlit/pull/14635
• https://github.com/streamlit/streamlit/

• Use of Weak Hash CWE
• Risky Cryptographic Algorithm CWE